Overview

overview

10

Static

static

3

2024-11-16...ky.exe

windows7-x64

10

2024-11-16...ky.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    16-11-2024 02:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-11-16_1c2428365c1bcf5ea170a949a75a4e7e_locky.exe

  • Size

    142KB

  • MD5

    1c2428365c1bcf5ea170a949a75a4e7e

  • SHA1

    207b67aa344875ae4cf2e660dc0c55e8e6179f47

  • SHA256

    1b0528fcbbc8476784150df855cdb2410fbc08ca825accf1622160c5900523be

  • SHA512

    73d97bd231adc1075c7320071bb848ee1b009fd99beed78d4194d3f06e80bb26792d7722bcd828823cc3a7302b5e39f6c0c69f434b2ee2c02aec8d2c44ce03fa

  • SSDEEP

    3072:bok+l9BrtPYPsZjRGRgVmJdfxT+pkJAKnecZeuv0v:bok+l5BZRGRBJ1xT2kJ7ecg1v

Score
10/10
lockylocky_osirisdefense_evasiondiscoveryransomware

Malware Config

Signatures

  • Locky

    Ransomware strain released in 2016, with advanced features like anti-analysis.

    ransomwarelocky
  • Locky (Osiris variant)

    Variant of the Locky ransomware seen in the wild since early 2017.

    ransomwarelocky_osiris
  • Locky family
    locky
  • Locky_osiris family
    locky_osiris
  • Deletes itself 1 IoCs
  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-11-16_1c2428365c1bcf5ea170a949a75a4e7e_locky.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-11-16_1c2428365c1bcf5ea170a949a75a4e7e_locky.exe"
    1⤵
    • Sets desktop wallpaper using registry
    • System Location Discovery: System Language Discovery
    • Modifies Control Panel
    • Suspicious use of WriteProcessMemory
    PID:2552
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\DesktopOSIRIS.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2636
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2636 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2612
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\2024-11-16_1c2428365c1bcf5ea170a949a75a4e7e_locky.exe"
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:2080
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:2724

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\OSIRIS-9746.htm
    Filesize

    8KB

    MD5

    0316fcef9d96752d34e225490bb946e4

    SHA1

    2d02591bc1f70d456cf0da36d80d9310dc27dc7f

    SHA256

    39322286e6c6ac291fa76e3d0f2bef92ace76f95fdb487a7b301faef9f8d3cc6

    SHA512

    03afcc9e55d2065a5feceacc3aaff8a3ac22015982a50b425509ec602223be12909ac597669c9673efa84de46e4be4b9cf917cc9699deb9db32399f2009a4387

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d62fab31b54e15edef89254a8ec3b050

    SHA1

    0398b8e79ed06f8f1e27cf064a5a1f9c6f995839

    SHA256

    7fee4f4cb589cffa38eab9f7719ea5372a60029c1f891f7ef3299acdd57a84f8

    SHA512

    785dfea67fb382fea3e8cec9a054d61994730a5322ffa3d0b38973aacea7cea24d45b6a3b9a7cadc3edaf2464bfa2651193fe6a918fe878ca657e54477c74b07

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    477fd47d6a5b86ca6f97e7a563e1d190

    SHA1

    b7d82acf740f8198af5b0f68604fea0268ac4b7b

    SHA256

    feb5c0e9e1c9298618f3731dece574224460e3ba215a2a4bcf7430c25b993b76

    SHA512

    390f1d9270eb5c8a6181c5b4d005d2d82ccf514b7baa81ce310099ae96f449de977e95a5b04394d704961d960500c47adbc801b21b35a81fbc6c066838b89c57

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f6f90b3c3d24dec17936447788a9a5f3

    SHA1

    f3e577eb1be710353101543d62e1f33c802559e3

    SHA256

    ff58787053d526b4205c17b85f43ed08dface9e4684dcd484ebfa3f9da3b6b2d

    SHA512

    816ad58c48894964a15c6c3b3d1c785b6e49c8b5348d9228760a9275fb7538beaf2817d08ce4e6c82511e27e51649006455b7697fce2d1d6702dddc10ba746a4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1aed933b6d315ebe1a7838d4dc50ee4d

    SHA1

    ee09e35d74f6db24a46f2d73554bc166e17e3a1d

    SHA256

    a4769501180ad9ffe7462cc8a27d9f376c8b0b6ea0006b56948c0c8ddba63efe

    SHA512

    f9a4b12ac19df83cc2cebd116b6885d2a733f75c10e15cf524ee5df4315c7193a40ae70200df8423152d2c5035d76125fb13e4d802c463f8981dea2dc5f51c14

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ac8153aa92b2ce38b381740990ad82db

    SHA1

    1bd7a72e6ff9cb27ec136b9a06c6c1b0fff276eb

    SHA256

    2b5e9c252c88f68cecc1bdf326c7f289013c4a1463d4be06fa421c9942f6d161

    SHA512

    ebc05ac6f548eabc62393863fcbfc09e5dcc90398fe14138ac0144c088c70cb950b7693b5d4b8425a08a64a467cb15873cfbb25954a8d1b0fdd6fc1c7a9c4ed5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f070e9a2d3d8eb65cd36d64ca151c826

    SHA1

    56be90b7cb0f1618870fe9b8bbc28df0225921d0

    SHA256

    0597d7407e6d4a6629ad86637c240d3467bac8e02089b948f4ba335898cd69c3

    SHA512

    46e7944a90c3f8435e159ab3f5089cddf620badf350a9b9604c056afb36bda049d220f6b6e17316dd88423f762dc5f7d13d02af430c43f9f7a62bb0529d6541c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f6da87bb12f3a9910c282f037e6621e7

    SHA1

    57786bfd98b379bf283a4bc57144fd57e7b495c9

    SHA256

    5ac6ae447abd3bb0d32fe362e7d6a453dfe149ec7235faf49e606c436e7ada11

    SHA512

    20d06dad2ecdc62125a9ae06091ac2277b33aa723a84c98ced7d9a6335bc987f393845794a6e805d0bd3fcbb092d58bda4aae60eebfcd23e9452a444b17f1f2b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4f5101041f367799b9b2c975ffa9e9e3

    SHA1

    592d3be0f9fded5d4bbe894a628cda80b635f798

    SHA256

    12ddb141a86cd2f5557cc75bf015d71935aa70c89d10473644bb5c1df8c9e1cd

    SHA512

    bcb0f993a42053bdebe626be513bb97825e13381c08b43ca3fa896a3bc272125e79518ba1ab0693765134c40212eaecbf8b2351cbeb9a4f8bf8316fa60392b00

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    71fb13192afbd0431db07578a184000c

    SHA1

    4def41ff1ce0e70ce78f9172ba79c50e216a4257

    SHA256

    f2c796a34eb3130331dbd8b3d52ec087eef8fe57e83131d3514876c93baa9105

    SHA512

    bf41d8652b44deae5f0f7a7465ab47dac1975dd824d75083b054318cf29717181b9109b54c7756b12d33716487fe5aebeb1608559a4b12d28bdc6d87524159ff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    587c28780409c83250948ed70d6ed7ca

    SHA1

    f9dd0ce90cf7f58b96c12a5960075d56e5958146

    SHA256

    2da4ea137dffe019a181e520540bebc6267327d36db5ed2126cb35839bc91a0f

    SHA512

    e29d453d1e89d60209ff0ad94e0c8cd79e9bba80e6752f83d4f7cc0d0bc1948dcbe7efb207555c642d15c71b2fc75c579cabcbc629c9376a5a3b1f2b5e23f8fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5307acc4c8132e9735194a76fedeea46

    SHA1

    b758b203dd1ff66f24233ac54fdee1e93bf5682b

    SHA256

    769dc47b10d5b6ac57f90343275d1cfe8e26764ae7e7f6397155155de14cfd3d

    SHA512

    7529aa5ef383665d738b02442d0524c01ea439ad7cdb44b023fe1486364e4d5fef27eb8783210301124521974da4e416fadb0fef38b67f6f4fe93342ba839e4c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bb2eab17f9efa6345682e0a0d9cba928

    SHA1

    b2be9f50d02d99559143f4e807aecadfd6fe29e5

    SHA256

    35ea547298a798fddd2b0c023c43af874f417d60cd93dec04909c022696196fd

    SHA512

    b1f49da9a63c12f09e132afa8dc5a287d81ee418412d120339df67d247b39da3fddcf99516e673552a2f12ff7f09c734f0b728d5bd19e428a5765b15a79a3d28

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c0dd9db3259eab818cc215fb3b09f3d0

    SHA1

    c74cba82e4415710e71f8fd6a6f7488975dc755d

    SHA256

    f40af38d3260a15c3e0e98457b10b4235ccbf803f355eaaceb54b44aae070e5c

    SHA512

    fcf1cf224e2cb7f0fab53a2e77d5f006219768b518b74796251a210b76380b77190657e2b14110bafb16d8e2d8a72fdf54662e2641cacdfa6073ad983421c35d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eed343a191129f112aba1de89f9d2b06

    SHA1

    0be2f8fb248d620f0b48420571521edc8356aa1e

    SHA256

    c7db0f1208a0ab902e9538fa909f35ea637305c36f57a173171686d580764715

    SHA512

    17ea0e96aca9410bc4cab658d6cc4feff98f10dc542364fa8936933d226c6ff90829acc8be013fe53801afa11ce60721ed5a4bf917f649c1de39af65c3226752

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    546e8fb6f8b5ec4418e5bf856c426351

    SHA1

    d31d2f3e4adfc72d082dcf77a7bc957548ae6b84

    SHA256

    c058a01ff435cf298afef08985f704240a7ff84fc8d816a0758b723c81eef631

    SHA512

    20d6852f5c82715dc19985ea709e23be6cd1e2f52688d375d7645420ec91d403f48c70c23bb672088c7c80739a2a9d126806ae79308f647737617203fb3d0604

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2722fd7cb9e13da88d837b899a47d2c7

    SHA1

    dff326415b3649a7ddcbfa1e2d4e7de5ba43207d

    SHA256

    4a525866a624386bdb8ee427fd8cacb2e945bbadb4442f89893d447d827658d7

    SHA512

    01f3f3631783c1099fc0e8631d0871e8dbe3e1a5dad9b071f45be3969ce21325ff6404b47e70ae5dc946a2e8390cd9894a9e657483129643858128aa8e730b68

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    49968ed1020451a61a8859a0598af928

    SHA1

    5310acd67bada5dbcd3b3f7343ddc320a121d468

    SHA256

    4844cc50af57bdab6e76dbb9d3ebffb559907876029707d6c994ffad1fd946fa

    SHA512

    4af7816230de51791223a067d348275ba9cae36dd809dbf384163e4c7146911f3f7849e50a1fe093ec521801397bbb71561e6add53f74a591e4c43b3ddeebe3f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    467c64a49e79c44355b87bc26cc137b5

    SHA1

    97108bb005a6933d4a8f04a898da52bf982ae148

    SHA256

    5e66e88ceec96e71aa5da0c8956b16588fc8590c9b690f0c66b38e5b2fb7111b

    SHA512

    de38f375d849299448ce44687d7d308776b485622cbdfb3d6c94b79ce57e0e1942b3cfc98848d6b3224de129d32c450b5bee834ea0f3d2b876560936cd37b98e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab716C.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar718E.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\DesktopOSIRIS.bmp
    Filesize

    3.4MB

    MD5

    3aa17b825447921f5f23d7efd5abd209

    SHA1

    67262efe297d4142078076aaa0e10d267796cfc7

    SHA256

    719b5d6fb6920589bbec0d666539a4b5d090825de32195fa2ec7fbe633c96721

    SHA512

    edc57d5a0c6c0514b79402912f40f2cb67d5bcdda5ad42d9b129d94d8191ed9a7cde46854debfc8e2a35221dad725db96218275988e79c95bf224667b1b0bcf6

    Download Submit

  • memory/2552-1-0x0000000000120000-0x0000000000121000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2552-10-0x0000000000230000-0x0000000000257000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2552-347-0x0000000000230000-0x0000000000257000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2552-352-0x0000000000BE0000-0x0000000000BE2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2552-356-0x0000000000230000-0x0000000000257000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2552-9-0x0000000000230000-0x0000000000257000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2552-8-0x0000000000230000-0x0000000000257000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2552-3-0x0000000000ED0000-0x0000000000EF7000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2552-2-0x0000000000230000-0x0000000000257000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2552-0-0x0000000000230000-0x0000000000257000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2724-789-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2724-353-0x00000000000C0000-0x00000000000C2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2724-354-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download